Another new MS worm!

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
Well, it was bound to happen.

There's a new worm out there that shuts down the MSBlast (LoveSan) worm process, downloads the appropriate MS patches / updates and installs them, then deletes the MSBlast worm and itself ...

Other than the fact this worm is taking a whole lot of network overhead, might this be a "good" worm?

Is this Microsoft's answer to MSBlast?

Worm Report.

 

Saaby

Flashaholic
Joined
Jun 17, 2002
Messages
7,447
Location
Utah
This worm won't run on my system either Tomas, where do they keep the Mac viruses?
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
I could give you a link to them, Saaby, but then I'd have to kill you ...

They really are out there, and have caused problems before (mostly OS 9 and earlier), but most have been the sort that required being brought into a machine in removable media (floppy, whatever) rather than something that penetrates.

So long as you aren't running a server on your Mac and don't have open filesharing and a bunch of holes in your built-in firewall (it is turned on, right?) then you really shouldn't have a problem. You do keep up on your security updates, eh (latest one 8-14)?

Oh, and to those who say Microsoft ONLY gets hit 'cause they are the majority system, check out last year's MS worm that attacked only MS IIS servers on the web. Those servers have about the same penetration on the web as the non-MS stuff does on the desktop - maybe even less.

Even though the number of possible affected machines was a tiny minority compared to *nix machines, they were attacked. Probably 'cause they were an easy target, not to get the biggest affected group ... Remember, right now MS has had about 30 exploited security holes so far just THIS year, but don't worry, there are plenty more holes.

Yes, there are virus and worm possibilities out there in the *nix and Mac world, and a few get built, but they aren't quite as easy to attack, and their security isn't quite so 'swiss cheese armor.'

 

Chris M.

Flashlight Enthusiast
Joined
Jan 17, 2001
Messages
2,564
Location
South Wales, UK
Well good bad or indifferent, I'm getting hammered by this worm tonight. Over 200 intrusions in the last 10 minutes alone. All blocked by ZoneAlarm of course.

Make that 300. I've never seen so much activity in the alert event log......
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
Another news item, posted here in its entirety since most folks won't click links.

This just goes to show how well many Windoze users keep their systems updated and running correctly. This security flaw was brought out months ago. Microsoft posted the "Critical" level security patch in its sites over a month ago.

For over a week the MSBlast worm and TEEKIDS, and a couple of other variants of the LOVESAN exploit have been running rampant on the net. Everyone who has a computer on the internet HAS to be aware of it by now.

Yet another worm attacking the same defect in the programming has hit, the "Welchia" worm which eats the MSBlaster worm.

<RANT>
There are STILL enough infected MS Windows 2k and XP machines out there that the entire network is being dragged down by the huge traffic load of all these broken machines screaming their heads off looking for more broken machines.

What we need now is a worm that finds each one of these broken machines that is disrupting the entire net and feed them something that utterly destroys them. Enough's enough.

I don't know about all of you, but I still get my daily e-mails of last year's two big Microsoft viruses. That means that there are still machines out there poorly enough maintained that things that were patched over a year ago are still running on machines that are just plain broken.

If the operators of those machines are so incompetent or uncaring that they are STILL inflicting that crap on us, they should not have machines with 'net access, period.

</RANT>

Anyway, here's the news item:

[ QUOTE ]
COMPUTER WORM THWARTS POWER SYSTEM REPAIR IN CANADA
Tue Aug 19 2003 20:33:34 ET

TORONTO (CP) _ A computer worm designed to eliminate an earlier virus brought computer networks to a standstill Tuesday, hindering efforts in Ontario to recover from last week's power outage and forcing Air Canada to check passengers in manually across the country. Vancouver International Airport reported huge delays and long line ups in the international departures terminal as the virus slowed Air Canada's check-in computer system.

Air Canada spokeswoman Laura Cooke said the virus affected the airline's call centre in Toronto and check-in systems across the country.

``It is causing delays in processing customers at airports,'' she said.

The worm also slowed Ontario's efforts to repair the hydro system from last week's blackout.

``The system is under attack from the virus, and we've had more problems with this particular virus this afternoon than any other previous virus in Ontario,'' said Terry Young, a spokesman for the Ontario's Independent Electricity Market Operator.

Inside the terminal in Vancouver, passengers, some of whom have been stranded since the blackout-related problems of last Thursday, were frustrated.

``It's a nightmare,'' said one unidentified woman. ``The service is so bad; the management was so bad. The system is just a mess, just a mess. I had my luggage delivered to Toronto, I was told on Saturday, so I don't have anything.''

The worm targets computers running Windows 2000 and Windows XP and infected with the blaster worm. Once it deletes the blaster worm, the computer attempts to download a patch of the Microsoft update site, installs the patch and reboots the computer.

It searches for active computers by sending a signal across the Internet, which results in significant increases in traffic.

Internet security firm Symantec identified over 600,000 computers on Tuesday afternoon that were affected by one of the two worms.

Telus, the country's second-biggest phone company, saw operations for 411 operators slowed as the worm infected a number of internal systems at the company, while Corus Entertainment's Web site was down until the company was able to clean up its system.

The worm snarled the network at the CBC, slowing the broadcaster's Web site.

The Blaster worm also affected some computers of Ontario's emergency response system dealing with the aftermath of last week's huge blackout across a swath of the province and eight U.S. states.

Dr. James Young, the Ontario commissioner of public safety, said the problem was ``making our job more difficult.''

Symantec assessed the worm a ``Level 4'' threat, the second-highest, due to reports of severe disruptions on internal networks.

``Despite its original intent, the W32.Welchia.Worm is an insidious worm that is preventing IT administrators from cleaning up after the W32.Blaster.Worm,'' Vincent Weafer, senior director of Symantec Security Response, said.

``The worm is swamping network systems with traffic and causing denial of service to critical servers with organizations.''

It was not known where either of the worms originated. However, blaster, also known as lovsan because of a note it left on vulnerable computers _ ``I just want to say LOVE YOU SAN!'' _ also carried a hidden message to taunt Microsoft's chairman: ``billy gates why do you make this possible? Stop making money and fix your software!''

Blaster exploited a flaw in most current versions of Microsoft's Windows operating system for personal computers, laptops and server computers. Although Microsoft posted a software patch to fix the flaw on July 16, many users failed to download the patch, leaving them vulnerable to the worm, which first started hitting computers around the world on Monday.

The worm caused computers to reboot frequently or disrupted browsing of the Internet. Last week, blaster forced Maryland's motor vehicle agency to close for the day and kicked Swedish Internet users offline as it spread, its instruction set triggering Windows computers to shut down and restart.

It also packed a second punch: starting at midnight local time Aug. 16, infected computers that had not cleaned up the virus turned into a legion of zombies instructed to repeatedly call up a Microsoft Web site that houses the software patch. With so much traffic flooding the network, the site would be unreachable and computer users would be unable to access the patch.

[/ QUOTE ]



Just a note for all you folks running OS X: We get patches, too. The latest security update your system should have automatically tried to get you to install (unless you turned off "Auto Update" completely) came out on the 14th. If you're a good user, you updated your OS. You're all good users, right? OK.
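
Added example, not part of the original thread: the quoted article says the worm "searches for active computers by sending a signal across the Internet", and a network admin can spot infected hosts on their own network by that scanning pattern. The sketch below flags sources that probe many distinct destinations inside a short window; the flow-record layout, the `icmp-echo` protocol label, the addresses and the thresholds are all assumptions made for the example.

```python
from collections import defaultdict, deque

def make_sample():
    """Constructed flow records: (epoch_seconds, src_ip, dst_ip, protocol)."""
    records = []
    for i in range(120):
        # Sweep-like host: 120 different destinations within one minute.
        records.append((1000 + i * 0.5, "10.0.0.23", f"192.0.2.{i + 1}", "icmp-echo"))
        # Monitoring host: pings the same gateway over and over.
        records.append((1000 + i * 0.5, "10.0.0.5", "10.0.0.1", "icmp-echo"))
    for i in range(30):
        # Slow talker: a new destination only every two minutes.
        records.append((1000 + i * 120, "10.0.0.8", f"198.51.100.{i + 1}", "icmp-echo"))
    # Unrelated traffic that the protocol filter must ignore.
    records.append((1001, "10.0.0.9", "203.0.113.7", "tcp"))
    records.sort()  # the detector expects time order
    return records

def find_sweepers(records, window=60.0, min_distinct=50, proto="icmp-echo"):
    """Return {src: peak number of distinct destinations seen in any
    `window`-second span} for sources reaching `min_distinct`."""
    recent = defaultdict(deque)                      # src -> (ts, dst) in window
    in_window = defaultdict(lambda: defaultdict(int))  # src -> dst -> count
    peak = defaultdict(int)
    for ts, src, dst, p in records:
        if p != proto:
            continue
        queue, counts = recent[src], in_window[src]
        queue.append((ts, dst))
        counts[dst] += 1
        # Drop probes that have aged out of the sliding window.
        while queue and queue[0][0] <= ts - window:
            _, old_dst = queue.popleft()
            counts[old_dst] -= 1
            if counts[old_dst] == 0:
                del counts[old_dst]
        peak[src] = max(peak[src], len(counts))
    return {src: n for src, n in peak.items() if n >= min_distinct}

if __name__ == "__main__":
    for src, n in find_sweepers(make_sample()).items():
        print(f"{src}: {n} distinct destinations within 60 s")
```

Counting distinct destinations rather than raw packets is what separates a sweep from a host that simply pings one gateway often.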
 

NightStorm

Flashlight Enthusiast
Joined
Jun 16, 2002
Messages
1,090
Location
Between a rock & a hard place.
Yes I am Tomas. I get my patches, update my viral software and run standard maintenance every Sunday night (I don't like auto-updates, they interfere with my connection when I'm at a secured site). It's a dang shame that in this technological society, people don't know jack squat about maintenance, whether it's cars, computers or even their VCRs. When will they learn?

Dan
 

highlandsun

Enlightened
Joined
Aug 11, 2002
Messages
607
Location
Los Angeles, CA
Atari TT here, with the 19" monochrome ECL monitor. Running MiNT, which I contributed a lot of code to a long time ago. This is definitely a case of too few systems and too few competent programmers to even create a virus in the first place...
 

The_LED_Museum

*Retired*
Joined
Aug 12, 2000
Messages
19,414
Location
Federal Way WA. USA
When I ran a Commodore 64, only one virus ever got written for it (up until about 10 years ago when I switched to a pee cee), and there were enough warnings about it that it never got run. Not on my 64 anyway.
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
Dan, I don't let my machines auto update ANYTHING.

Updates require my personal admin OK.

At the same time, I don't mind one tiny part of my system's brain checking once a week to see if there ARE any updates. Takes a couple seconds and so far hasn't interrupted anything else. The system does NOT download any updates without my say-so.

When my system is done checking, it displays a window in background that I will eventually look at myself and decide what gets installed when.

There are 3 current updates that I have not installed because I don't run the applications. Other than that, I'm up to date.

I see there is yet another new virus out there in the wild now, feasting on MS droppings.

So far I haven't even had one of those make it as far as my on-board mail filters. Either I'm in a forgotten or ignored corner of the network universe, or the two layers of pre-filtering done by two outside companies for my e-mail are keeping it out entirely.
